PATENT ABSTRACTS OF JAPAN 

(11) Publication number: 2002-244557
(43) Date of publication of application: 30.08.2002

(51) Int. Cl.: G09C 1/00, H04L 9/32

(21) Application number: 2001-039572
(22) Date of filing: 16.02.2001

(71) Applicant: ATR ADAPTIVE COMMUNICATIONS RES LAB
(72) Inventor: KIRIMOTO NAOKI, YAMAZAKI TATSUYA

(54) CRYPTOGRAPHIC COMMUNICATION SYSTEM AND AUTHENTICATION METHOD USED THEREFOR

(57) Abstract

PROBLEM TO BE SOLVED: To provide a cryptographic communication system that permits mutual authentication without the clients transmitting their own certificates to the server, and to provide an authentication method used therefor.

SOLUTION: The cryptographic communication system 10 comprises a server 1, client servers 2A, 2B, 2C, the Internet network 3, a CA Proxy (Certificate Authority Proxy) 4, and a coupler 5. The CA Proxy 4 is arranged between the Internet network 3 and the coupler 5. In response to a request from the server 1 for submittal of the digital certificates of the client servers 2A, 2B, 2C, the CA Proxy 4 transmits to the server 1 its own digital certificate, which attests that the client servers 2A, 2B, 2C are authorized servers, irrespective of whether or not the client servers 2A, 2B, 2C possess digital certificates.